Fortinet Builds Database Monitoring, Auditing into Portfolio

Four months after releasing a database vulnerability assessment product, Fortinet has added database monitoring and auditing technology to its portfolio. The company, traditionally a UTM vendor, is positioning itself to compete against database security vendors such as Lumigent and Application Security.

Fortinet made its first major play into the database security last
year with a release centered on vulnerability assessment. Now the
company has added database monitoring
capabilities, essentially squaring up more directly against
vendors such as Guardium, Lumigent and Application Security.
The announcement comes roughly four months after the company hit the
market with FortiDB-1000B, a database vulnerability assessment
appliance based on technology the company acquired from IPLocks. The
move was seen as an interesting one for Fortinet, whose traditional
bread and butter has been unified threat management (UTM) devices. At
the time, Fortinet officials described it as an important step towards
extending security to the application level.

In addition to adding scheduled-based monitoring to the family
of appliances, Fortinet has also included the ability to
record database activity for complete and accurate audit trails to help
organizations comply with regulatory standards such as PCI-DSS.

Beyond the technology, Fortinet is also making an attempt to target
different segments of the market. The company has released two new
editions of the product: FortiDB-400B, which is aimed at small to
midsized businesses, and FortiDB-2000B, which targets large
enterprises. The FortiDB-400B supports up to 10 database instances; the
2000B model supports up to 60.
"We believe data siphoning is and will continue to be a real and
imminent threat for corporations of all sizes and requires solutions
with breadth and depth to ensure data integrity and regulatory
compliancy," said Michael Xie, CTO of Fortinet, in a statement. "The
FortiDB was designed with this in mind by combining critical database
security functionality into one platform that offers the greatest value
to organizations of all sizes."
All the appliances support heterogeneous environments, including Oracle, IBM DB2, Sybase and Microsoft SQL Server.